The e-commerce industry regularly engages online marketers (affiliates) to attract traffic to their sites and boost online sales of products and services. Affiliate marketing involves advertisers (who are the sellers or merchants) hiring affiliates (who are publishers) to recommend their products and services to other companies and individuals online.
When an action occurs (e.g., a sale, lead, click, install, etc.) the affiliate receives a commission. This is an attractive pricing model for marketers because, theoretically, they only have to pay when their campaign actually performs (hence the term ‘performance marketing’).
eMarketer estimates that U.S. marketers will spend $6.4 billion on affiliate campaigns in 2019. With this much money at stake, it’s no surprise that criminal actors are attracted to, and operate within, the industry. The amount of fraud within affiliate campaigns may vary depending on the type of action and the payout amount to the affiliate (e.g., a 5 percent commission versus a 50 percent commission). While fraud rates may vary, marketers can see upwards of 20 percent in some cases where the signup is easy (a simple email submittal, for example) and the payout to the affiliate is high.
What is Affiliate Fraud?
Affiliate fraud can be defined as any time an affiliate fakes an action (e.g., a sale, lead, install, or click) in order to steal a commission. It can affect both sides of the affiliate industry: legitimate affiliate marketers suffer losses when fraudsters redirect purchases to parasite websites, effectively stealing their commissions, and advertisers lose because they end up paying commissions for fake sales, leads, installs, and clicks.
Common Types of Affiliate Fraud
There are several different ways fraudulent affiliates may try to steal commissions:
In a cost-per-click (CPC) affiliate campaign, an advertiser pays an affiliate for every click an ad receives. Click fraud occurs when an affiliate fakes the clicks. There are two main ways fraudsters commit click fraud: manually clicking on ads or through the use of bots and malware.
Manual click fraud occurs when a user physically clicks or pays someone else, to click on ads (i.e., click farms). The use of bots and malware involves employing a bot (a piece of malicious code) to automatically roam a website and click on the ads. Fraudsters often infect many computers with the same code through the use of malware to create a botnet, which is a group of computers all under the control of the fraudster. A botnet can then be directed to websites to click on ads, creating thousands of fake clicks a minute.
With lead fraud, the fraudulent affiliate takes advantage of the cost-per-lead (CPL) marketing model, where a marketer pays for every lead that’s generated by the affiliate. Companies that offer services (e.g., insurance companies, lawyers, universities, realtors, etc.) often use this model, and commissions can be lucrative for the affiliate.
Lead fraud occurs when fake leads are generated by the affiliate and the advertiser ends up paying for them. In some cases, the fraudster fills out the forms with fake information, so advertisers not only lose money on the commission they just paid out, but their time is also wasted chasing nonexistent people. In other cases the fraudster fills out forms with real contact information, sometimes from purchased or stolen lists.
This puts advertisers in an awkward situation because they’re reaching out to contacts with no interest in the product or service, which can result in angry interactions, not to mention wasted time. Like click fraud, lead fraud is carried out either manually (a person continuously fills out online lead forms) or through the use of bots. Bots have been become more sophisticated and are able to navigate to forms and complete them.
Install fraud involves the cost-per-install (CPI) marketing model. Here, advertisers are paying the affiliate for every install of their app the affiliate generates. This model is used most often by brands, gaming companies, and developers looking to target mobile users. Like other forms of fraud, the install fraudster fakes the installs using bots, malware, or by manually installing apps on multiple devices. Sophisticated bots can not only install apps but can forge user actions within the app to make the install appear legitimate. These fake installs earn fraudsters illegitimate commissions.
Sales fraud is based on the cost-per-sale model when an advertiser pays a commission for every sale generated by the affiliate. The fraud occurs when an affiliate fakes a sale – often with stolen credit card information – and collects the commission. Often times, commissions are paid out to the affiliate before the fraud scheme is discovered.
The advertiser is then faced with a chargeback from the credit card company and must return the purchase funds, however, they cannot recover the commission. In other schemes, the fraudsters make several purchases, collect the commissions, and then return the products.
How to protect yourself from Affiliate Fraud?
Looking for protection against affiliate fraud for your network or measurement platform? Contact Fraudlogix to find out how we can help you. We specialize in protecting against CPC, CPL CPI, and sales fraud.